So
New Contributor

LDAP group user explicit proxy

Hello everyone!

I have a weird bug with explicit proxy.

All users (with the exception of 2) get only the domain user group, while a test in the CLI shows 2 groups for the user:

 

FortiGate-201F_Backup # diagnose test authserver ldap ldap-kerberos testuser testpass
authenticate 'testuser' against 'ldap-kerberos' succeeded!
Group membership(s) - CN=PC,OU=Permissions,OU=Groups,OU=AEG,DC=domain,DC=local
CN=Domainusers,OU=Permissions,OU=Groups,OU=AEG,DC=Domain,dc=local

 

 

So this user only gets one group shown in “assets & identities - firewall users”, and so the firewall rule does not work correctly, as it shows only 1 group, “domainuser”.

And the main weird thing is that there are 2 users in the domain for whom the FortiGate correctly displays “2 or 3 or 4, whatever” groups in “assets & identities - firewall users”, and the firewall policy works correctly for them.

 


 

1 Solution
So
New Contributor

Update, found solution:

After searching for 3 days: the LDAPS user connected to the FortiGate and HTTP/ keytab - give him domain admin rights, and now everything is working fine.

Active Directory - fortigate user - member of domain users / journal reader / domain admin
